Lisa Besko wrote:
Thanks for the help so far. Part of the problem is we have probably tried so many things we probably messed something up along the way don't remember what is is.
Stop right there. If you don't keep track of what you're doing, you will NEVER get it to work. Throw away everything you've done, and start with all of the default configuration files. Then, proceed with the following steps: 1) Configure EAP-TTLS i.e. the "tls" and "ttls" sub-sections of eap.conf 2) Put the following at the TOP of the "users" file: bob Cleartext-Password := "bob" 3) Start the server in debug mode 4) validate that you can log in with "bob" using radtest (i.e. PAP) 5) validate that EAP-TTLS works with username/password "bob" and "bob" 6) Configure kerberos in radiusd.conf. 7) Delete the "bob" entry in the "users" file. 8) Replace it with: DEFAULT Auth-Type = Kerberos And it WILL work. ...
authenticate { Auth-Type PAP { pap }
Auth-Type kerberos { krb5 } }
If you don't list "eap" there, it won't work. Again, throw away your existing configuration files, and start from the default ones.
users: DEFAULT Freeradius-Proxied-To == 127.0.0.1 Fall-Through = Yes
That entry does nothing.
DEFAULT Auth-Type := Kerberos Fall-Through = 1
An earlier message in this thread said "Auth-Type = Kerberos". What you have above is different. PLEASE follow instructions carefully. Alan DeKok.